One of the main concerns of BDB Microfinancing is the security of personal data of individuals - our customers and partners, and we have taken the necessary measures to bring the activities of all its offices / branches and employees in line with best practices. and legal requirements for the protection of information and its confidentiality.
When we collect personal data of our customers, we follow the principle of minimizing the processed data, legality, transparency and security. BDB Microfinancing (hereinafter referred to as the "Company") seeks to process only personal data that is essential and appropriate for achieving the objectives of its business.
Categories of personal data that are processed and purposes
The company processes those personal data that are necessary and related to its activities, while acting as an administrator or co-administrator of personal data. As part of the Group of Bulgarian Development Bank ЕAD, the Company shares data with Bulgarian Development Bank ЕAD (BDB, the Bank) for the purposes of legal risk and security assessment.
Regardless of the reason why you share your personal information with us, we recommend that you do not disclose sensitive personal information: such as information about racial or ethnic origin, religion, trade union membership, sexual orientation, health status, etc., unless is a necessary condition for you to be provided with a service by the Company.
Personal data processed in connection with the direct or indirect granting and guaranteeing of loans and the provision of other banking services
Depending on the specific product / service we offer, we process the following types of personal data:
- Personal data for identification and contact with the person - three names, PIN, ID number, citizenship, address and telephone number, signature form, customer number, bank account number, data on legal representatives and contained in powers of attorney, family position and kinship, data on place of work and position, data on a certificate for online banking;
- Personal data on financial condition - property status, credit indebtedness, amount of remuneration, concluded insurances, participation in commercial companies, information in connection with the products of the BDB Group used by you, etc .;
- Personal data of persons related to you - marital status and family ties; names, address and property status of persons related to you (guarantors, partners, family members); company legal relations on the occasion of participations in legal entities;
- Personal data in connection with special legal requirements - when we are obliged by law we collect data on conflict of interest, origin of funds, a copy of an identity document, connection data, etc.
- Personal data when concluding transactions by telephone - in addition to the identification data, we also collect a recording of the voice and the content of the conversation with a representative of the Company;
- Other personal data that you disclose to us - personal data contained in the portfolios of counterfeits formed with on-landing resources, contained in the individualization of property pledged in favor of the Company and contained in your letters or messages to us, in complaints, grievances or signals;
The processing of personal data by the Company is always related to a product / service provided by it or directly / indirectly requested by the data subject at the present or previous moment, and the processing is necessary to achieve any of the following objectives:
- identification of the person and his representative authority;
- preparation and execution of a contractual agreement concluded between the Company and the data subject (for example in connection with a request for granting or guaranteeing a loan, maintaining a payment account, conducting payment transactions, participation, reporting the results and providing collateral in connection with realized of financing programs with resources from the Company); performing legal and financial analysis, and assistance with a view to providing, maintaining and terminating banking products and services offered by us (including in respect of collateral provided to the Company);
- mandatory data processing under a legal obligation (to prevent money laundering and terrorist financing, fulfill certain tax obligations, transfer data to the Central Credit Register, the Central Register of Special Pledges, the Registry Agency, or to implement international conventions and treaties);
- to fulfill our obligation to provide information to state bodies and institutions such as the BNB, NSSI, NRA, SANS, bodies of the judiciary and the prosecution, etc .;
- for protection of our rights and legitimate interests in the collection of receivables (including by force and with the assistance of judicial authorities, consultants and bailiffs) arising from contractual agreements concluded by and between the Company and the data subject - personally or in the capacity his legal representative, respectively concluded by and between the on-landing partner of BDB / the Company and the data subject;
- for risk management based on legitimate interest (data for analysis, assessment, compliance with regulatory and legal requirements for capital adequacy, fraud prevention, strategic planning and management of the Company's portfolio);
- customer classification based on MiFID and MiFID II;
- credit assessment and rating, customer profiling; assessment of whether they meet the requirements for granting a loan under the respective financing program;
- statistical analyzes and evaluations;
- complaint handling;
- contacting data subjects and their representatives in connection with a bank account opened with the Company in connection with sending important messages and notifications;
- other purposes specified in the client's contract or in the respective General Terms and Conditions for the banking services offered by the Company (when such are available);
More information about the personal data we process and the categories of recipients in connection with the individual programs can be found here:
Personal data processed for the purpose of improving customer service and advertising:
Based on your prior consent and if you wish, we may disseminate information about your project funded by the BDB Group, details of your name, location and photo (for example, by publishing on the BDB Group website). We use this personal data to encourage more citizens, small and medium-sized enterprises to develop their business with the help of the BDB Group.
Personal data processed when visiting the website and offices of the Company
When you visit our offices and in order to protect your and our security, we use physical security measures such as CCTV surveillance and access control by registering visitors at the reception.
The personal data we process are the names of the visitors, the date and time of access to the building, as well as a video image. We store this data in a secure location, allowing only a limited number of people to access it and only when necessary.
Personal data of persons who are not clients of the Company
In certain cases, the Company will process personal data of individuals who are not customers of the Bank, for example:
- When the person provides collateral in favor of the Company - in these cases we collect personal data about this person such as names, PIN, data from an identity document, data about current residence, data about owned property, bank accounts and financial indebtedness;
- When the person visits the offices of the Company (for example as an escort) - we will photograph this person and / or register him at the reception by requesting two names and with whom he wishes a meeting, date and time of the visit;
- When the person makes bank transfers in favor of BDB clients on their accounts opened with the Bank - we will receive data on account number, amount of transfer, grounds for the transfer, date and time;
- When the person is indicated as a proxy / contact person by a client or employee of the Bank / Company;When the bank / Company is a party to a contract to which you are / represent a third party beneficiary;
- When information about our person is shared by a state / municipal authority, our client (and / or its employee) or an employee of the BDB Group.
Personal data processed when applying for a job
The personal data that we collect in the selection process are used only to identify the candidates with the closest profile to the requirements for the specific position. After the completion of the selection, the provided information is kept for 3 months and is destroyed.
The personal data that we process for the purposes of selection are name, previous professional experience, information on education and acquired qualifications, as well as other information that is relevant in the specific case and is related to the job application.
How long do we store your personal data?
BDB stores your personal data only for the minimum period necessary to achieve the objectives set out in this Policy, as well as when by law or international agreement it is obliged or has the right to store them for a longer period.
The retention period is determined taking into account several factors, including the duration of the provision of services (for example, in deferral and renegotiation of the loan), if necessary in order to establish, exercise or protect our legal claims (for example, to collect overdue receivables) , or whether we have a legal obligation to store the data (for example, accounting documents for a period of 5 years or 10 years).
We are obliged to store personal data related to programs implemented with international financing and support for up to ten years after the conclusion of our contract with the partner international bank.
Data related to video surveillance and access control in the offices of the BDB Group are stored for a short period of time - usually 30 days, unless a longer processing period is required to protect our legal claims - for example for the purposes of additional incident investigation.
Who do we share your personal information with?
In connection with the applicable legal requirements, we are obliged to transfer your personal data to registers such as: CRC, CROZ and TRYULNC, as well as to state bodies and institutions such as BNB, NSSI, NRA, SANS, judicial system, prosecutor's office and others.
Your personal data is subject to automatic exchange in connection with compliance with data exchange requirements under the Tax and Social Security Procedure Code (TSPC) and the Agreement between the Government of the Republic of Bulgaria and the Government of the United States of America to improve tax compliance internationally. connection to an initiative also known as FATCA.
With regard to the programs and products of the BDB Group, which are provided jointly and in cooperation with local and international partners of the Group (a list of international partners is available here), personal data of clients are exchanged, as far as necessary for the respective service, the conclusion of a loan or collateral agreement, control over the fulfillment of the contractual obligations, accountability to the Bank's partners and protection of their interests.
A list of commercial banks and non-bank credit institutions - partners of BDB on the territory of the Republic of Bulgaria can be found here.
When concluding transactions by telephone, we use telephone exchange services from the mobile operator MTel / A1.
When we defend our rights and legitimate interests and if we use the services of external consultants, lawyers, translators, auditors, etc., we disclose to them the amount of personal data that is necessary to assist us.
The Company will not share or distribute your data for marketing or other purposes to third parties.
In other cases and to the extent necessary, personal data is provided only to our trusted partners - technical providers of marketing services and web design services, IT support, courier service providers, for whom we have made sure that they meet the highest standards. for security of information and its confidentiality.
Providing data to our partners is necessary so that we can deliver the services you have requested, as well as to improve the functioning of our website.
How do we protect your rights?
The company processes your personal data only in accordance with the above objectives and deadlines.
When we collect personal data, we do so in a minimal amount and only for pre-defined and clearly defined purposes and retention periods. We provide access to the data only to a limited number of persons who have been previously trained and instructed on how to work with the data.
In connection with the entry into force of new European rules for personal data protection, the Company undertook a detailed analysis and audit of all our processes related to personal data processing. As part of this analysis, we check our partners, revise our procedures and rules, train our employees, and use experienced information security consultants to ensure compliance with the highest standards of confidentiality and security of your information.
What are your rights?
As a data subject, you have the right to receive confirmation and / or detailed information, incl. a copy of the personal data processed for you (right of access).
In addition, you may object to the collection and further processing of your personal data, as well as request that they be corrected (updated) or deleted (when we do not have a valid legal basis to continue processing them).
It is important to know that you can withdraw your consent to the processing of personal data at any time. You can do this by communicating your intention to the designated Data Protection Officer, whose contacts are listed below.
If you believe that your data protection rights have been violated, you have the right to file a complaint to the Commission for Personal Data Protection: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., tel. 02 / 91-53-518, e- e-mail: firstname.lastname@example.org and / or other supervisory / regulatory body, when you believe that there is a violation in connection with the processing of your personal data by the Company.
To ask questions about your rights or if you want to exercise any of them, please contact the Data Protection Officer.
We will review each of your requests without undue delay within 30 days of receiving the request. If we are unable to do so for reasons beyond our control, we will notify you in a timely manner, stating the reasons for the delay.
Changes in current policy
Any change in this policy will be announced on the website of the Bank / Company and in each of our offices. In the event of a significant change in the information, we will additionally notify you by sending an email or SMS message. Users of our online banking services will also be notified when logging in to their account.
Contact details of a data controller
The company BDB Microfinancing, with UIC 201390740
Headquarters and address of management: Sofia, 1 Dyakon Ignatiy Str
Tel. for contact: 02/93062787
Contact details of the Data Protection Officer
Name: Emil Yotov
Contact address: 1 Deacon Ignatius Street
Tel. for contact: 0877 205656